[keycloak-user] Securing backend rest methods

Juan Diego juandiego83 at gmail.com
Fri Jun 19 15:35:42 EDT 2015


Yeah thanks that is exactly what I was looking for.

On Fri, Jun 19, 2015 at 2:19 PM, Scott Dunbar <scott at xigole.com> wrote:

>  Juan,
> I'm not sure that your environment is like mine but I have something like:
>
>
> @Path("/user")
> @Stateless
> public class UserService {
>
> ...
>
>     @Path("/getUserInformation")
>     @Produces({ MediaType.APPLICATION_JSON })
>     @GET
>     @HttpConstraint(rolesAllowed = {"companyAdmin"})
>     public Response getUserInformation(@Context HttpServletRequest request) {
>     }
> }
>
> This means that someone had to have already logged in elsewhere and be in
> the companyAdmin role before they will have the ability to call the
> getUserInformation method.  If they are not logged in or are not in that
> role they will get a forbidden message.  Any methods that do not have the
> HttpConstraint annotation are not protected.
>
> Is this what you're looking for?
>
> On 06/19/2015 12:32 PM, Juan Diego wrote:
>
> How can I secure a method for a role, if a rest service has multiple
> methods?
>
> On Fri, Jun 19, 2015 at 2:49 AM, Stian Thorgersen <stian at redhat.com>
> wrote:
>
>> Keycloak is based on roles and we don't have support for groups. By using
>> composite roles you can model groups as a role though.
>>
>> ----- Original Message -----
>> > From: "Juan Diego" <juandiego83 at gmail.com>
>> > To: "keycloak-user" <keycloak-user at lists.jboss.org>
>> > Sent: Thursday, 18 June, 2015 8:35:08 PM
>> > Subject: [keycloak-user] Securing backend rest methods
>> >
>> > Hi,
>> >
>> > I was looking in the examples but I cannot find the right one. Is there an
>> > example that shows how to secure just a method of a rest for a certain
>> > group, allow all groups to the rest method. Like in picketlinks you could
>> > create your own @Admin @Mygroup annotation and add it to a function.
>> >
>> > Thanks,
>> >
>> > Juan diego
>> >
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> --
> Scott Dunbar
> Xigole Systems, Inc.
> Enterprise consulting, development, and hosting
> 303·667·6343
>
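
The caveat in the quoted reply, that methods without the HttpConstraint annotation are not protected, can be checked mechanically over a resource class. The Python script below is an added example, not code from the thread or from Keycloak; the `listUsers` method, the sample source, and the treatment of `RolesAllowed`, `PermitAll` and `DenyAll` as access annotations are assumptions.

```python
import re

HTTP_VERBS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"}
# HttpConstraint is the annotation used in the thread; the other three names
# are assumptions about what else a code base may use for access control.
ACCESS = {"HttpConstraint", "RolesAllowed", "PermitAll", "DenyAll"}
ANNOTATION = re.compile(r"^\s*@(\w+)")
METHOD = re.compile(r"^\s*public\s+[\w<>\[\], ]+?\s+(\w+)\s*\(")
CLASS = re.compile(r"\bclass\s+\w+")

def unprotected_endpoints(java_source):
    """Names of JAX-RS methods with no access annotation (line-based heuristic)."""
    findings, pending, class_access = [], set(), set()
    for line in java_source.splitlines():
        ann = ANNOTATION.match(line)
        if ann:
            pending.add(ann.group(1))  # expects one annotation per line
            continue
        method = METHOD.match(line)
        if method:
            if pending & HTTP_VERBS and not (pending & ACCESS or class_access):
                findings.append(method.group(1))
        elif CLASS.search(line):
            # Assumption: a class-level access annotation covers every method.
            class_access = pending & ACCESS
        if line.strip():
            pending = set()  # annotations bind only to the next declaration
    return findings

# Constructed sample: the thread's UserService plus a hypothetical listUsers().
SAMPLE = '''
@Path("/user")
@Stateless
public class UserService {
    @Path("/getUserInformation")
    @GET
    @HttpConstraint(rolesAllowed = {"companyAdmin"})
    public Response getUserInformation(@Context HttpServletRequest request) { return null; }

    @Path("/listUsers")
    @GET
    public Response listUsers() { return null; }
}
'''

if __name__ == "__main__":
    print(unprotected_endpoints(SAMPLE))
```

A finding only means the source carries no access annotation for that method; URL-pattern constraints declared elsewhere (for example in web.xml) are not considered.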